Feb 09 2010

Network Stats with Iptables

Published by at 11:42 am under Linux

As any other firewall, iptables is also able to do network statistics reporting. the -v (–verbose) option makes the list command (-L) show the packet and byte counters. Network stats are available on a per rule basis. Here’s an example on the INPUT chain:
 

[stats@network_server]$ sudo iptables -nvL INPUT
Chain INPUT (policy DROP 74941 packets, 7900K bytes)
 pkts bytes target prot opt in out source    destination
1392K  543M ACCEPT all  --  lo *   0.0.0.0/0 0.0.0.0/0
1179K  680M ACCEPT all  --  *  *   0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
   10   524 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:22
   25  1200 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:21
 5372  260K ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:80
 5842  280K ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:3306 /* Mysql */
   97  4536 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:9999 /* APP */
    0     0 ACCEPT udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:69 /* TFTP */
    0     0 ACCEPT udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:161 /* SNMP requests */
   73  4380 ACCEPT icmp --  *  *   0.0.0.0/0 0.0.0.0/0   icmp type 8

 
No need to restart iptables to reset packet and byte counters, the built-in -Z or –zero flag makes it for you:
 

[stats@network_server]$ sudo iptables -Z INPUT
[stats@network_server]$ sudo iptables -nvL INPUT
Chain INPUT (policy DROP 74945 packets, 7901K bytes)
 pkts bytes target prot opt in out source    destination
    0     0 ACCEPT all  --  lo *   0.0.0.0/0 0.0.0.0/0
    7   436 ACCEPT all  --  *  *   0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:22
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:21
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:80
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:3306 /* Mysql */
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:9999 /* APP */
    0     0 ACCEPT udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:69 /* TFTP */
    0     0 ACCEPT udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:161 /* SNMP requests */
    0     0 ACCEPT icmp --  *  *   0.0.0.0/0 0.0.0.0/0   icmp type 8

 
On top of doing its firewall job and, even if you don’t make use of it, iptables may help you identifying more precisely the root cause of network traffic or simply get network stats of what’s going in and out your servers.


No responses yet

Comments RSS

Leave a Reply